[Full-disclosure] XSS vuln- swapitshop.com
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] XSS vuln- swapitshop.com
- From: <vulnkiller@xxxxxxxxxxxx>
- Date: Sun, 28 May 2006 15:33:21 +0100
<html>
<P>Vendor: SwapitShop.com- 'Safe cash for young people that they can earn &
spend on things they want.'</P>
<P>Discovered by: robokoder</P>
<P>N.B. admin were informed 20 days ago... no fix yet- appalling</P>
<P>This is a cross-site scripting (XSS) vulnerability that allows for the
injection of potentially malicious JavaScript into links that appear to go to
the trusted <A href="http://swapitshop.com">http://swapitshop.com</A>. The
injection is in the search form, the input of which is not properly filtered.
Vuln link (non-malicious demonstration): >> <A
href="http://www.swapitshop.com/cgi-bin/swapitshop/browse.cgi?username=&ac=&action=search&find=&lt;script&gt;alert(document.cookie)&lt;/script&gt;">http://www.swapitshop.com/cgi-bin/swapitshop/browse.cgi?username=&ac=&action=search&find=&lt;script&gt;alert(document.cookie)&lt;/script&gt;</A>
<<</P>
<P>This can obviously be exploited, e.g. to direct the user to a fake login
page so the hacker can steal their password, and thus their swapits.
Alternatively it could direct the user to a site where their cookies are
stolen. There are obviously other possibilities, but you get the idea...</P>
<P>Given the nature of this site, where users put their faith in virtual
currency, not fixing a vuln like this immediately, let alone after 20 days, is
unacceptable. It is being released to force them to fix it, and ultimately in
the interest of their users.</P>
</html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
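
The post says the search form's input "is not properly filtered". The following is an added example, not part of the original post and not the site's code: it reflects the `find` value from the demonstration link into a hypothetical results page, once verbatim and once HTML-encoded, and parses both pages to show which elements a browser would create. The page template and all function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Demonstration link quoted in the post.
DEMO_URL = ("http://www.swapitshop.com/cgi-bin/swapitshop/browse.cgi"
            "?username=&ac=&action=search"
            "&find=<script>alert(document.cookie)</script>")


def search_term(url):
    """Return the 'find' parameter as a CGI layer would hand it to the script."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("find", [""])[0]


def render_unfiltered(term):
    """Hypothetical template that reflects the term verbatim (the reported flaw)."""
    return f"<p>Results for: {term}</p>"


def render_encoded(term):
    """Same template, with the term encoded for an HTML context before output."""
    return f"<p>Results for: {escape(term, quote=True)}</p>"


class TagCollector(HTMLParser):
    """Records every element start tag an HTML parser sees in the page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements_in(page):
    """List the elements the page markup produces, in document order."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    term = search_term(DEMO_URL)
    for render in (render_unfiltered, render_encoded):
        print(render.__name__, elements_in(render(term)))
```

In the unfiltered page the search term becomes a `script` element; in the encoded page it stays text inside the `p` element, so the same check can serve as a regression test for any template that echoes request parameters.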